diff --git a/lib/WeBWorK/Authen.pm b/lib/WeBWorK/Authen.pm
index c5de75dd0e..2c16a91b78 100644
--- a/lib/WeBWorK/Authen.pm
+++ b/lib/WeBWorK/Authen.pm
@@ -482,7 +482,8 @@ sub verify_normal_user {
 # two_factor_verification_needed is deleted from the session.
 my $otp_code = trim($c->param('otp_code'));
 if (defined $otp_code && $otp_code ne '') {
- my $password = $c->db->getPassword($user_id);
+ # The password record may not be defined (e.g. for LDAP authentication). So create one if it isn't.
+ my $password = $c->db->getPassword($user_id) // $c->db->newPassword(user_id => $user_id);
 if (
 WeBWorK::Utils::TOTP->new(
 secret => $self->session->{otp_secret} // $password->otp_secret,
diff --git a/lib/WeBWorK/ContentGenerator/TwoFactorAuthentication.pm b/lib/WeBWorK/ContentGenerator/TwoFactorAuthentication.pm
index 3b211f61fb..11846668da 100644
--- a/lib/WeBWorK/ContentGenerator/TwoFactorAuthentication.pm
+++ b/lib/WeBWorK/ContentGenerator/TwoFactorAuthentication.pm
@@ -44,11 +44,9 @@ sub pre_header_initialize ($c) {
 $c->stash->{otp_qrcode} = '';
 $c->stash->{authen_error} //= '';
- # Note that this user has already authenticated with username and password,
- # so this and the $user below should exist.
 my $password = $c->db->getPassword($c->authen->{user_id});
- if (!$password->otp_secret) {
+ if (!$password || !$password->otp_secret) {
 my $totp = WeBWorK::Utils::TOTP->new(
 $c->authen->session->{otp_secret} ? (secret => $c->authen->session->{otp_secret}) : ());
@@ -61,6 +59,7 @@ sub pre_header_initialize ($c) {
 GD::Barcode::QRcode->new($otp_link, { Ecc => 'L', ModuleSize => 4, Version => 0 })->plot->png;
 };
+ # Note that this user has already authenticated so the user record should exist.
 my $user = $c->db->getUser($c->authen->{user_id});
 if ($ce->{twoFA}{email_sender} && (my $recipient = $user->email_address)) {
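Review bot: When `getPassword` returns nothing and the session holds no `otp_secret`, the freshly created record makes `$self->session->{otp_secret} // $password->otp_secret` in Authen.pm evaluate to an undefined secret. Whether the check then fails closed depends on how `WeBWorK::Utils::TOTP->new` treats a missing secret, which this hunk does not show. I would resolve the secret first, `my $otp_secret = $self->session->{otp_secret} // $password->otp_secret;`, and require `$otp_secret &&` ahead of the TOTP validation in the `if (` condition, so a user with no enrolled secret can never pass verification. The record from `newPassword` also appears to exist only in memory at this point, so please confirm that whatever saves `otp_secret` later in `verify_normal_user` (its body continues outside the hunk) handles a row that is not yet in the password table.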
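Review bot: The widened condition `!$password || !$password->otp_secret` in TwoFactorAuthentication.pm has no comment saying when the password record can be missing, and the removed note was the only explanation of this lookup. The Authen.pm hunk in the same commit documents the case, and a matching one-liner fits above the `if`: `# The password record may not exist (e.g. for LDAP authentication), so treat that like a missing OTP secret.` The two files also handle the missing record differently, since Authen.pm builds one with `newPassword` while this code only tests for undef. It is therefore worth checking that any later use of `$password` in `pre_header_initialize`, which continues outside the hunk, tolerates an undefined value.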